OBJECTIVE

Please note: I am not currently seeking other employment opportunities
I am seeking a technical, full time position that will effectively utilize my education and training and experience in the field of information security and leverage my engineering mindset. I have focused my career on intrusion detection, vulnerability assessment, and security incident analysis, and am keen on positions that permit me to do information security-related research and analysis.

EDUCATION

Master of Science in Computer Science
The George Washington University, December 2009, Cumulative GPA: 3.8

Bachelor of Science in Computer Engineering
The University of Dayton, May 2001, Cumulative GPA:3.1

GIAC Certified Intrusion Analyst (GCIA Gold Certification)
January, 2003

GIAC Reverse Engineering Malware (GREM Certificate)
October, 2006

GIAC Certified Forensic Analyst (GCFA Gold Certification)
November, 2006

WORK EXPERIENCE

Lockheed Martin Corp.	Gaithersburg, MD
Intel Fusion Team Lead, LM-CIRT	10/05 - Present

• Lead evolution of fundamental network defense paradigms to guide tactical and strategic network defense of the enterprise, collectively referred to as Security Intelligence
• Lead development of Intel Fusion team from ground up
  • Define all responsibilities and processes of team, own team responsibilities, lead and participate in execution
  • Develop new detection techniques empirically following the scientific method
  • Codify and mature new detection techniques in existing or newly developed tools for handoff to incident responders
  • Develop and manage knowledge of all identified adversaries using security intelligence principles, leverage knowledge to inform tactical and strategic detections, mitigations
• Guide development of enterprise sensor grid to detect intrusions and data exfiltration
  • Assist in deployment of and act as SME for corporate deployment of Sourcefire IDS's
  • Lead deployment of and act as SME for 30TB enterprise SIM infrastructure (Arcsight)
  • Design, deploy, and guide development on Linux-based custom detection platform
  • Partner with researchers in the academic community to identify and leverage emerging detection technologies
• Leverage existing and develop new tools to
  • Lead and support incident response efforts
  • Lead and support digital forensic investigations
  • Support malware and custom command-and-control reverse engineering efforts
  • Lead and support emerging vulnerability research
• Research security aspects of technologies to provide technically-based guidance to enterprise
• Leverage intelligence on adversaries collected from internal investigations and partnerships with the defense industrial base, intel community, and DoD
• Interface with customers and potential customers of CIRT-related contracts
• Develop content for, and teach, internal Introduction to Cryptography class
• Lecture to Carnegie-Mellon graduate students on broad range of information security topics and careers therein

Tools/technologies include: Arcsight, Sourcefire, Encase, FTK, i2 Analyst Notebook, awk/sed/bash, Perl, C, Helix, TSK, Niksun, way too much Powerpoint, and serious Excel data analysis

Open System Sciences	Newington, VA
Information Security Analyst	12/03 - 10/05

• Responsibilities on contract to US Agency for International Development
  • Primary Intrusion Detection analyst: Tune, leverage Cisco SecureIDS, ISS Server Sensor HIDS, and netForensics SIM to identify and resolve security incidents.
  • Identify security-related issues and provide technical information for remediation.
  • Support client in ad-hoc security work and research as necessary.
• Accomplishments on contract to US Agency for International Development
  • Assist in deployment of enterprise-wide vulnerability assessment program, from product evaluations to deployment of nCircle's IP360. Create manual and automated processes to further enhance the solution.
  • Assist in global deployment and management of 92 Cisco SecureIDS sensors. Document procedures enabling easy implementation at remote sites. Tune all IDS's as implemented.
  • Lead deployment of Skybox Enterprise Risk Management Tool
  • Lead project to evaluate, select, pilot, deploy, and tune ISS RealSecure host agents to critical assets.
  • Perform IDS installations and security training at offices in Cairo, Tel Aviv, Jerusalem, New Delhi
  • Author Agency-wide guidelines on incident response.
  • Act as backup for netForensics SIM system and Linux systems used by the security group.

Received personal Letter of Commendation from USAID CTO
Attendance of netForensics technical training
nCircle IP360 Vulnerability Assessment program featured in 03/30/2005 installment of SANS "What Works"

Fifth Third Bank	Cincinnati, OH
Information Security Analyst	06/01 - 12/03

• Responsibilities
  • Primary Intrusion Detection analyst: Leverage ISS RealSecure and Snort to detect intrusion attempts. Follow up and perform forensic analysis on intrusion attempts.
  • Vulnerability and penetration testing with nmap, Nessus, ISS Internet Scanner, and custom tools/scripts.
  • Address security-related issues affecting Windows workstations and servers, as well as AIX servers
  • Research new malware/virus threats, determine exposure, and take risk mitigation steps; analysis of unknown malware/virus variants.
  • Assist in enterprise-wide policy creation and ongoing Federal & State audits affecting 400 servers, 18,000 workstations, 100 IDS sensors, 16 firewalls, and networking equipment.
  • Lead and assist in forensic investigations involving computing resources.
• Accomplishments
  • Plan, deploy, and maintain ISS RealSecure IDS to monitor systems enterprise-wide.
  • Plan, deploy, and maintain scalable Snort IDS solution for the enterprise.
  • Plan and deploy enterprise-wide log consolidation software for central monitoring and reporting.
  • Plan and deploy ePolicy Orchestrator for Virus/Malware exposure analysis, protection, & reporting.
  • Develop and implement methods to prevent unauthorized hardware from accessing network resources.
  • Develop and implement a process for quickly deploying, updating, and reporting on antivirus definitions.
  • Develop process for bitwise duplication of hard disk drives for forensic purposes.
  • Assist in development of corporate incident handling policies and procedures documents for a Fortune 500 Company.

Attendance of SANS conferences: Track 3 (Intrusion Detection), War on Internet Worms
Attendance of Microsoft training: Windows 2000 and Active Directory for NT Administrators

University of Dayton Research Institute (UDRI)	Dayton, OH
Computer Engineer co-op, MLLN Materials Directorate	01/00 - 05/01

• Design, write, support application for reduction of data files from Accoustic Emission strength tests (C++)
• Automate analysis of data collected on Titanium Metal Matrix Composites
• Take part in organization of data for presentation to clients
• Work in conjunction with USAF engineers on various projects

DLP Technologies, Inc.	Cincinnati, OH
Network Support Engineer	Part-time, 1997 - 1999

• Internet Solutions Consultation & Sales
• Onsite server, workstation, and LAN setup, configuration, and troubleshooting
• SCO UNIX, LINUX, Windows NT 4.0 & 3.51, Citrix Winframe server setup and administration
• Administration on internal SCO UNIX servers providing WAN connectivity
• Configuration and troubleshooting with Ascend & Cisco ISDN, FR, and dial-up routers
• Mid- to upper-level technical support for system administrators
• Programming for server maintenance in BASH, PERL, and C

Attendance of SCO Administration I course and telecomm/computer industry conferences